ASP.NET Core Web API Using Facebook and Google OAuth Access Tokens for Authentication


ASP.NET is a popular programming language used for building web applications. It provides a framework for dynamic websites, web , and web APIs. In this article, we will explore how to use ASP.NET Core Web API with Facebook and Google OAuth access tokens for authentication.

Setting up the ASP.NET Core Web API

To get started, let's create a new ASP.NET Core Web API project. Open Visual Studio and select “Create a new project.” Choose the ASP.NET Core Web Application template and provide a name for your project. Select the API template and click “Create.”

Once the project is created, we need to configure the authentication middleware to support Facebook and Google OAuth. Open the Startup.cs file and locate the ConfigureServices method. Add the following code to configure the authentication services:

// Requires: using Microsoft.AspNetCore.Authentication.JwtBearer;
public void ConfigureServices(IServiceCollection services)
{
    // JWT bearer is the default scheme for authenticating and challenging API requests
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        options.Authority = Configuration["Jwt:Authority"];
        options.Audience = Configuration["Jwt:Audience"];
    })
    .AddFacebook(options =>
    {
        options.AppId = Configuration["Facebook:AppId"];
        options.AppSecret = Configuration["Facebook:AppSecret"];
    })
    .AddGoogle(options =>
    {
        options.ClientId = Configuration["Google:ClientId"];
        options.ClientSecret = Configuration["Google:ClientSecret"];
    });
}


In the code above, we configure the authentication middleware to use JWT bearer authentication as the default scheme. We also add support for Facebook and Google OAuth by providing the respective app IDs and secrets.

Handling Facebook and Google OAuth Access Tokens

Now that we have configured the authentication services, let's see how we can handle Facebook and Google OAuth access tokens in our ASP.NET Core Web API.

To authenticate a user using Facebook or Google, we need to obtain an access token from the respective provider. Once we have the access token, we can use it to authenticate the user and authorize their requests.

Let's create an API endpoint that accepts a Facebook or Google access token and returns a JWT token for the authenticated user. Add the following code to your controller:

// Requires: using System; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims;
//           using System.Text; using Microsoft.IdentityModel.Tokens;
public IActionResult Authenticate([FromBody] TokenRequest request)
{
    // Validate the access token
    // Note: this check accepts only a JWT signed with Jwt:Key that carries
    // the configured issuer and audience.
    var validationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = Configuration["Jwt:Issuer"],
        ValidAudience = Configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
    };

    ClaimsPrincipal claimsPrincipal;
    var tokenHandler = new JwtSecurityTokenHandler();

    try
    {
        claimsPrincipal = tokenHandler.ValidateToken(request.AccessToken, validationParameters, out _);
    }
    catch (Exception)
    {
        // Any validation failure (bad signature, issuer, audience, lifetime, malformed token)
        return Unauthorized();
    }

    // Create a JWT token for the authenticated user
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = claimsPrincipal.Identity as ClaimsIdentity,
        Expires = DateTime.UtcNow.AddDays(7),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"])), SecurityAlgorithms.HmacSha256Signature)
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    var jwtToken = tokenHandler.WriteToken(token);

    return Ok(new { Token = jwtToken });
}

In the code above, we first validate the access token using the TokenValidationParameters. If the validation fails, we return an Unauthorized response.

If the access token is valid, we create a JWT token for the authenticated user. The token is signed using a symmetric key, which is stored in the app configuration. We set the token's expiration date and return it as a response.
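
Facebook and Google access tokens are issued by the provider rather than signed with the API's own Jwt:Key, so an endpoint that accepts them also has to confirm with the provider that the token is valid and was issued to this application. The following is an added example, not code from the original article: it applies that check to the JSON returned by Facebook's debug_token endpoint and Google's tokeninfo endpoint. The class and method names are hypothetical, the sample responses and IDs are constructed, and the HTTP call that fetches the response is left out.

```csharp
using System;
using System.Text.Json;
// Added example: hypothetical helper, not code from the article.
public static class ProviderTokenChecks
{
    static JsonElement Root(string json)
    {
        try { using var doc = JsonDocument.Parse(json); return doc.RootElement.Clone(); }
        catch (JsonException) { return default; }   // not JSON: treated as empty
    }
    static JsonElement Get(JsonElement obj, string name) => obj.ValueKind == JsonValueKind.Object && obj.TryGetProperty(name, out var v) ? v : default;
    // Read a member as text whether it arrived as a JSON string or a number.
    static string Str(JsonElement obj, string name)
    {
        var v = Get(obj, name);
        return v.ValueKind == JsonValueKind.String ? v.GetString() ?? ""
             : v.ValueKind == JsonValueKind.Number ? v.GetRawText() : "";
    }

    // Facebook debug_token body: the token must be valid AND issued to our app id.
    public static bool TryGetFacebookUserId(string json, string ourAppId, out string userId)
    {
        var data = Get(Root(json), "data");
        bool ours = ourAppId.Length > 0 && Str(data, "app_id") == ourAppId
                    && Get(data, "is_valid").ValueKind == JsonValueKind.True;
        userId = ours ? Str(data, "user_id") : "";   // fail closed: no id unless every check passed
        return userId.Length > 0;
    }

    // Google tokeninfo body: "aud" must equal our OAuth client id.
    public static bool TryGetGoogleSubject(string json, string ourClientId, out string subject)
    {
        var root = Root(json);
        bool ours = ourClientId.Length > 0 && Str(root, "aud") == ourClientId;
        subject = ours ? Str(root, "sub") : "";
        return subject.Length > 0;
    }

    public static void Main()
    {
        // Constructed sample responses; every id is a placeholder.
        const string fbOurs = "{\"data\":{\"app_id\":\"1111\",\"is_valid\":true,\"user_id\":\"42\"}}";
        const string fbOther = "{\"data\":{\"app_id\":\"9999\",\"is_valid\":true,\"user_id\":\"42\"}}";
        const string google = "{\"aud\":\"example-client-id\",\"sub\":\"1001\"}";
        Console.WriteLine(TryGetFacebookUserId(fbOurs, "1111", out var fbUser) + " " + fbUser);
        Console.WriteLine(TryGetFacebookUserId(fbOther, "1111", out _));
        Console.WriteLine(TryGetGoogleSubject(google, "example-client-id", out var sub) + " " + sub);
    }
}
```

A false result corresponds to the endpoint's Unauthorized() response; the second sample shows a token that is valid at the provider but was issued to a different app being rejected.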


In this article, we have seen how to use ASP.NET Core Web API with Facebook and Google OAuth access tokens for authentication. We configured the authentication middleware to support Facebook and Google OAuth and implemented an API endpoint to handle the access tokens and return a JWT token for the authenticated user.

By leveraging the power of ASP.NET Core and OAuth, you can easily integrate social login functionality into your web applications and provide a seamless authentication experience for your users.
